// For flags

CVE-2019-17420

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r
ending.

En OISF LibHTP versiones anteriores a 0.5.31, como es usado en Suricata versión 4.1.4 y otros productos, un error de análisis del protocolo HTTP hace que la firma http_header no avise en una respuesta con un solo \r
al final.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-09 CVE Reserved
  • 2019-10-09 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-10-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-459: Incomplete Cleanup
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oisf
Search vendor "Oisf"
 Libhtp
Search vendor "Oisf" for product "Libhtp"
 < 0.5.31
Search vendor "Oisf" for product "Libhtp" and version " < 0.5.31"
-
Affected
Suricata-ids
Search vendor "Suricata-ids"
 Suricata
Search vendor "Suricata-ids" for product "Suricata"
 4.1.4
Search vendor "Suricata-ids" for product "Suricata" and version "4.1.4"
-
Affected